From 167d076edc956a8aa1e07179753ff9f3b9f99133 Mon Sep 17 00:00:00 2001
From: Graham Campbell
Date: Sat, 28 May 2016 15:45:38 +0100
Subject: [PATCH] Fix crap login throttling
---
 .../Displayers/ThrottleDisplayer.php | 88 +++++++++++++++++++
 app/Http/Kernel.php | 2 +-
 composer.json | 1 +
 composer.lock | 66 +++++++++++++-
 resources/lang/en/forms.php | 1 +
 5 files changed, 155 insertions(+), 3 deletions(-)
 create mode 100644 app/Foundation/Exceptions/Displayers/ThrottleDisplayer.php
diff --git a/app/Foundation/Exceptions/Displayers/ThrottleDisplayer.php b/app/Foundation/Exceptions/Displayers/ThrottleDisplayer.php
new file mode 100644
index 000000000..f36871db9
--- /dev/null
+++ b/app/Foundation/Exceptions/Displayers/ThrottleDisplayer.php
@@ -0,0 +1,88 @@
+request = $request;
+ }
+
+ /**
+ * Get the error response associated with the given exception.
+ *
+ * @param \Exception $exception
+ * @param string $id
+ * @param int $code
+ * @param string[] $headers
+ *
+ * @return \Symfony\Component\HttpFoundation\Response
+ */
+ public function display(Exception $exception, $id, $code, array $headers)
+ {
+ return redirect()->route('auth.login')->withError(trans('forms.login.rate-limit'));
+ }
+
+ /**
+ * Get the supported content type.
+ *
+ * @return string
+ */
+ public function contentType()
+ {
+ return 'text/html';
+ }
+
+ /**
+ * Can we display the exception?
+ *
+ * @param \Exception $original
+ * @param \Exception $transformed
+ * @param int $code
+ *
+ * @return bool
+ */
+ public function canDisplay(Exception $original, Exception $transformed, $code)
+ {
+ return $transformed instanceof TooManyRequestsHttpException && $this->request->is('auth*');
+ }
+
+ /**
+ * Do we provide verbose information about the exception?
+ *
+ * @return bool
+ */
+ public function isVerbose()
+ {
+ return false;
+ }
+}
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 95b1f7862..9e0da573e 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
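Review bot: `display()` discards the 429 status and the `$headers` it is handed and answers with a 302 to `auth.login` carrying only a generic flash message, so if the throttling middleware attaches a `Retry-After` header to the `TooManyRequestsHttpException` (Symfony's exception supports one) it never reaches the client; if that is intended, say so above the return, e.g. `// Deliberate: a 302 back to the login form; the 429 status and any Retry-After in $headers are not forwarded.`, otherwise forward them. `canDisplay()` keys on `$this->request->is('auth*')`, which is a path glob rather than a route check, so any throttled request under an `auth`-prefixed path (not only the login POST) is redirected to the login form; a one-line comment stating that scope would help the next maintainer. The hunk as rendered starts at `+request = $request;`: the opening tag, namespace, `use` imports, class declaration and constructor are missing from the page, so the referenced `Exception`, `TooManyRequestsHttpException` and the displayer interface cannot be verified here.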
@@ -59,6 +59,6 @@ class Kernel extends HttpKernel
 'ready' => 'CachetHQ\Cachet\Http\Middleware\ReadyForUse',
 'setup' => 'CachetHQ\Cachet\Http\Middleware\SetupAlreadyCompleted',
 'subscribers' => 'CachetHQ\Cachet\Http\Middleware\SubscribersConfigured',
- 'throttle' => 'Illuminate\Routing\Middleware\ThrottleRequests',
+ 'throttle' => 'AltThree\Throttle\ThrottlingMiddleware',
 ];
 }
diff --git a/composer.json b/composer.json
index 132baf767..367b312a6 100644
--- a/composer.json
+++ b/composer.json
@@ -24,6 +24,7 @@
 "alt-three/badger": "^3.1",
 "alt-three/bus": "^1.1",
 "alt-three/emoji": "^3.1",
+ "alt-three/throttle": "^1.0",
 "alt-three/validator": "^1.5",
 "backup-manager/laravel": "^1.1",
 "barryvdh/laravel-cors": "^0.8",
diff --git a/composer.lock b/composer.lock
index 9de466d0d..d068c2e59 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,8 +4,8 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
 "This file is @generated automatically"
 ],
- "hash": "20e1a31cd1a88b67ac946fb3c3453a11",
- "content-hash": "ed5e328f5b020fdc07ee9bfb3c639d81",
+ "hash": "d58416fb0d16c8b7fc9b936b6f642c39",
+ "content-hash": "226b91629f9aa94bb32446a4e963600c",
 "packages": [
 {
 "name": "alt-three/badger",
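Review bot: The `'throttle'` alias now resolves to `AltThree\Throttle\ThrottlingMiddleware`, and because middleware aliases are plain strings nothing at this point checks that routes using `throttle:` parameters pass them in the order and form the new class's `handle()` expects; a mismatch would only surface at runtime, so it is worth confirming against the package and the route definitions, both of which are outside this diff. The middleware alias array this entry belongs to starts above the hunk.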
@@ -201,6 +201,68 @@
 ],
 "time": "2016-04-22 17:24:35"
 },
+ {
+ "name": "alt-three/throttle",
+ "version": "v1.0.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/AltThree/Throttle.git",
+ "reference": "55738ea2e3900e9ba785aa8495c4a82cbb7eb998"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/AltThree/Throttle/zipball/55738ea2e3900e9ba785aa8495c4a82cbb7eb998",
+ "reference": "55738ea2e3900e9ba785aa8495c4a82cbb7eb998",
+ "shasum": ""
+ },
+ "require": {
+ "illuminate/cache": "5.2.*|5.3.*",
+ "illuminate/http": "5.2.*|5.3.*",
+ "php": ">=5.5.9"
+ },
+ "require-dev": {
+ "graham-campbell/testbench": "^3.1",
+ "phpunit/phpunit": "^4.8|^5.0"
+ },
+ "type": "library",
+ "extra": {
+ "branch-alias": {
+ "dev-master": "1.0-dev"
+ }
+ },
+ "autoload": {
+ "psr-4": {
+ "AltThree\\Throttle\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "James Brooks",
+ "email": "james@alt-three.com"
+ },
+ {
+ "name": "Graham Campbell",
+ "email": "graham@alt-three.com"
+ },
+ {
+ "name": "Joseph Cohen",
+ "email": "joe@alt-three.com"
+ }
+ ],
+ "description": "A request rate limiter for Laravel 5.2+",
+ "keywords": [
+ "Alt Three",
+ "http",
+ "rate limit",
+ "rate limiter",
+ "throttle"
+ ],
+ "time": "2016-05-28 14:23:19"
+ },
 {
 "name": "alt-three/validator",
 "version": "v1.5.0",
diff --git a/resources/lang/en/forms.php b/resources/lang/en/forms.php
index 9a373e034..e706de8a2 100755
--- a/resources/lang/en/forms.php
+++ b/resources/lang/en/forms.php
@@ -34,6 +34,7 @@ return [
 'invalid' => 'Invalid username or password',
 'invalid-token' => 'Invalid token',
 'cookies' => 'You must enable cookies to login.',
+ 'rate-limit' => 'Rate limit exceeded.',
 ],
 // Incidents form fields